LXD

The Linux container hypervisor

Fast, dense and secure container management for Ubuntu

What is LXD (“lex‐dee”)?

Imagine you could launch a new machine in under a second, and that you could launch literally hundreds of them on a single server. Now, imagine hardware‐guaranteed security to ensure that those machines can’t spy on one another. Imagine you can connect them separately and securely to networks. And imagine that you can run that on a single node or a million, live migrate machines between those nodes, and talk to all of it through a clean, extensible REST API.

By combining the speed and density of containers with the security of traditional virtual machines, Canonical’s LXD is the next generation of container hypervisor for Linux.

Building on LXC (“lex‐cee”)?

Ubuntu is the most popular platform for container engineering, including Docker and LXC. We’re passionate about enabling that innovation to go further and faster.

Developers love LXC because it gives them a near‐instant, full system container where they can run a wide range of Linux operating environments.

They can run LXD on all the machines on which they want to create and tear down these environments, using LXC to drive the process from anywhere on the network.

Is LXD a real Linux hypervisor?

We’re working with silicon companies to ensure hardware‐assisted security and isolation for these containers, just like virtual machines today. We’ll ensure that the kernel security cross‐section for individual containers can be tightened up for each specific workload. We’ll make sure you can live‐migrate these containers from machine to machine. And we’re adding the ability to bind storage and network interfaces to the containers, just like virtual machines.

All of this work is aimed at giving you the full experience of virtual machines and the full security of a hypervisor, but much, much faster. Without all that virtualisation overhead, you get the full underlying performance of your host environment. On bare metal, these containers are just as fast as the native OS. In the cloud, you’re getting subdivided machines without sub‐par performance.

And Docker?

Docker is an amazing application delivery mechanism, which may change the world of devops forever.

There are seven times more Docker containers running on Ubuntu than any other OS. For the most efficient way to deliver your binaries to a platform for execution, Docker is the dance for us.

LXD and Docker share some underlying kernel capabilities, and we aim to bring much of the awesome security and isolation of LXD to Docker as well.

With Ubuntu 16.04 LTS, you can run your Docker containers inside LXD containers.

Why use LXD?

Full operating system functionality within containers, not just single processes

Maximum density of guests per host, providing a cost benefit when running in a public cloud

Allows easy management and sharing of hardware resources, and easy monitoring of customer processes directly from the host level

REST API, and simple, single command line with proper help and documentation

Integration with OpenStack

The combination of LXD and OpenStack makes for a very happy system administrator in a Linux‐oriented private cloud. All the agility of OpenStack, all the performance of your metal with no virt overhead.

As a validation point, we’ve included the nova‐lxd driver in Ubuntu 16.04, and are committed to steering this into upstream OpenStack.

This new driver allows OpenStack instances to be scheduled as Linux Containers. Images are booted from OpenStack’s image service, Glance, and instances communicate over Neutron’s networking functionality just like KVM based VMs do.

Getting started with LXD

The simplest way to try LXD is by using it with its command line tool. This can easily be done on your laptop or desktop machine.

On a system running 16.04 LTS you can install LXD with:

sudo apt update
sudo apt install lxd
sudo lxd init

For other Ubuntu releases, like Ubuntu 16.04 LTS and Ubuntu Core, detailed instructions are available on linuxcontainers.org.